[*] New Additions
* HTTP Inspect now splits requests into 5 components: Method, URI, Header (non-cookie), Cookies, and Body. Content and PCRE rule options can now search one or more of these buffers. HTTP server-specific configurations to normalize the HTTP header and/or cookies have been added. Support for gzip decompression across multiple packets has also been added.
* Added a Sensitive Data preprocessor, which performs detection of Personally Identifiable Information (PII). A new rule option is available to define new PII. See README.sensitive_data and the Snort Manual for configuration details.
* Added a new pattern matcher and related configurations. The new pattern matcher is optimized to use less memory and perform at AC speed.
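To make the HTTP Inspect change above concrete, here is a simplified Python model of splitting a request into the five buffers and restricting a match to chosen buffers. It is an added example, not Snort code: the function names and the sample request are constructed for illustration, and no normalization or gzip handling is modeled.

```python
import re

BUFFERS = ("method", "uri", "header", "cookie", "body")

def split_http_request(raw: bytes) -> dict:
    """Split one raw HTTP request into the five buffers listed above."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    request_line = lines[0].split(b" ")
    headers, cookies = [], []
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"cookie":
            cookies.append(value.strip())  # cookie data gets its own buffer
        else:
            headers.append(line)           # header buffer is non-cookie
    return {
        "method": request_line[0],
        "uri": request_line[1] if len(request_line) > 1 else b"",
        "header": b"\r\n".join(headers),
        "cookie": b"; ".join(cookies),
        "body": body,
    }

def match(buffers: dict, pattern: bytes, where=BUFFERS) -> list:
    """Names of the buffers in `where` in which the pattern is found."""
    rx = re.compile(pattern, re.IGNORECASE)
    return [name for name in where if rx.search(buffers[name])]

def rule_fires(buffers: dict, conditions) -> bool:
    """Model one rule: every (buffer, pattern) pair must match."""
    return all(match(buffers, pat, (buf,)) for buf, pat in conditions)

# Constructed sample request (not captured traffic).
SAMPLE = (b"POST /login.php?next=/home HTTP/1.1\r\n"
          b"Host: www.example.com\r\n"
          b"User-Agent: test-client\r\n"
          b"Cookie: session=admin; theme=dark\r\n"
          b"Content-Length: 25\r\n"
          b"\r\n"
          b"user=guest&comment=hello!")

if __name__ == "__main__":
    bufs = split_http_request(SAMPLE)
    print(match(bufs, rb"admin"))  # which buffers contain the string
    print(rule_fires(bufs, [("method", rb"^POST$"),
                            ("cookie", rb"session=admin")]))
```

Because the cookie is held apart from the other headers, a match scoped to the header buffer does not fire on cookie data, which is why a rule has to name the buffer it means.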
[*] Improvements
* Fixed a problem where output obfuscation affected packets when Snort is inline.
* Preprocessors with memcap settings can now be configured in a "disabled" state. This allows you to configure that memcap globally, but only enable the preprocessor in targeted configurations.
Go to http://www.snort.org to download the latest release! I have two more posts that will be coming out later today with further updates, so make sure you read those as well. Also, make sure you read the VRT blog for further information: http://vrt-sourcefire.blogspot.com
8 comments:
[...] This post was mentioned on Twitter by JoelEsler, subdriven and Scott Hazel, ddp. ddp said: RT @JoelEsler: Snort 2.8.6 is released! http://goo.gl/fb/ksoIb [...]
Allan, the 2.8.6 rules should be out today. Stay tuned.
Using exact same configure options on an Ubuntu 9.04 x64 server as 2.8.5.3, 2.8.6 seems to give a segfault shortly after loading up my rules.
[...] sure and read my other two posts in order to make sure you are fully up to date with everything going on. Also be sure and [...]